From de85897f59551f4015749f9afe022a29f74183e9 Mon Sep 17 00:00:00 2001
From: Simon Stone <sstone1@uk.ibm.com>
Date: Mon, 18 May 2020 08:40:43 +0100
Subject: [PATCH] Separate identity registration from CA creation (contributes to #235) (#237)

Signed-off-by: Simon Stone <sstone1@uk.ibm.com>
---
 roles/endorsing_organization/tasks/create.yml | 42 +++++++++++++------
 roles/ordering_organization/tasks/create.yml | 42 +++++++++++++------
 2 files changed, 60 insertions(+), 24 deletions(-)

diff --git a/roles/endorsing_organization/tasks/create.yml b/roles/endorsing_organization/tasks/create.yml
index 133f7136..eed96691 100644
--- a/roles/endorsing_organization/tasks/create.yml
+++ b/roles/endorsing_organization/tasks/create.yml
@@ -28,14 +28,6 @@
 hf.GenCRL: true
 hf.Registrar.Attributes: "*"
 hf.AffiliationMgr: true
- - name: "{{ organization_admin_enrollment_id }}"
- pass: "{{ organization_admin_enrollment_secret }}"
- type: admin
- maxenrollments: -1
- - name: "{{ peer_enrollment_id }}"
- pass: "{{ peer_enrollment_secret }}"
- type: peer
- maxenrollments: -1
 tlsca:
 registry:
 maxenrollments: -1
@@ -52,10 +44,6 @@
 hf.GenCRL: true
 hf.Registrar.Attributes: "*"
 hf.AffiliationMgr: true
- - name: "{{ peer_enrollment_id }}"
- pass: "{{ peer_enrollment_secret }}"
- type: peer
- maxenrollments: -1
 resources: "{{ ca_resources | default(omit) }}"
 storage: "{{ ca_storage | default(omit) }}"
 wait_timeout: "{{ wait_timeout | default(omit) }}"
@@ -74,6 +62,36 @@
 enrollment_secret: "{{ ca_admin_enrollment_secret }}"
 path: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+- name: Register the organization admin
+ ibm.blockchain_platform.registered_identity:
+ state: "{{ state }}"
+ api_endpoint: "{{ api_endpoint }}"
+ api_authtype: "{{ api_authtype }}"
+ api_key: "{{ api_key }}"
+ api_secret: "{{ api_secret | default(omit) }}"
+ api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
+ certificate_authority: "{{ ca_name }}"
+ registrar: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+ enrollment_id: "{{ organization_admin_enrollment_id }}"
+ enrollment_secret: "{{ organization_admin_enrollment_secret }}"
+ max_enrollments: -1
+ type: admin
+
+- name: Register the peer
+ ibm.blockchain_platform.registered_identity:
+ state: "{{ state }}"
+ api_endpoint: "{{ api_endpoint }}"
+ api_authtype: "{{ api_authtype }}"
+ api_key: "{{ api_key }}"
+ api_secret: "{{ api_secret | default(omit) }}"
+ api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
+ certificate_authority: "{{ ca_name }}"
+ registrar: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+ enrollment_id: "{{ peer_enrollment_id }}"
+ enrollment_secret: "{{ peer_enrollment_secret }}"
+ max_enrollments: -1
+ type: peer
+
 - name: Enroll the organization admin
 ibm.blockchain_platform.enrolled_identity:
 state: "{{ state }}"
diff --git a/roles/ordering_organization/tasks/create.yml b/roles/ordering_organization/tasks/create.yml
index ecae836f..c688b5fc 100644
--- a/roles/ordering_organization/tasks/create.yml
+++ b/roles/ordering_organization/tasks/create.yml
@@ -28,14 +28,6 @@
 hf.GenCRL: true
 hf.Registrar.Attributes: "*"
 hf.AffiliationMgr: true
- - name: "{{ organization_admin_enrollment_id }}"
- pass: "{{ organization_admin_enrollment_secret }}"
- type: admin
- maxenrollments: -1
- - name: "{{ ordering_service_enrollment_id }}"
- pass: "{{ ordering_service_enrollment_secret }}"
- type: orderer
- maxenrollments: -1
 tlsca:
 registry:
 maxenrollments: -1
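Review bot: The added `Register the peer` task in roles/endorsing_organization/tasks/create.yml registers `peer_enrollment_id` only against `certificate_authority: "{{ ca_name }}"`, while the earlier hunk at old line 52 removes the same identity from what appears to be the `tlsca` registry, and nothing in the new task selects the TLS CA. If the peer later enrolls for its TLS certificate with this ID and secret, that enrollment may no longer be accepted; confirm how `registered_identity` treats the TLS CA, and either add a matching registration or document it above the task with a comment such as `# TLS CA registration is handled by <mechanism>`. The `Register the ordering service` task added in roles/ordering_organization/tasks/create.yml has the same shape. The task list continues outside the hunk on both sides.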
@@ -52,10 +44,6 @@
 hf.GenCRL: true
 hf.Registrar.Attributes: "*"
 hf.AffiliationMgr: true
- - name: "{{ ordering_service_enrollment_id }}"
- pass: "{{ ordering_service_enrollment_secret }}"
- type: orderer
- maxenrollments: -1
 resources: "{{ ca_resources | default(omit) }}"
 storage: "{{ ca_storage | default(omit) }}"
 wait_timeout: "{{ wait_timeout | default(omit) }}"
@@ -74,6 +62,36 @@
 enrollment_secret: "{{ ca_admin_enrollment_secret }}"
 path: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+- name: Register the organization admin
+ ibm.blockchain_platform.registered_identity:
+ state: "{{ state }}"
+ api_endpoint: "{{ api_endpoint }}"
+ api_authtype: "{{ api_authtype }}"
+ api_key: "{{ api_key }}"
+ api_secret: "{{ api_secret | default(omit) }}"
+ api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
+ certificate_authority: "{{ ca_name }}"
+ registrar: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+ enrollment_id: "{{ organization_admin_enrollment_id }}"
+ enrollment_secret: "{{ organization_admin_enrollment_secret }}"
+ max_enrollments: -1
+ type: admin
+
+- name: Register the ordering service
+ ibm.blockchain_platform.registered_identity:
+ state: "{{ state }}"
+ api_endpoint: "{{ api_endpoint }}"
+ api_authtype: "{{ api_authtype }}"
+ api_key: "{{ api_key }}"
+ api_secret: "{{ api_secret | default(omit) }}"
+ api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
+ certificate_authority: "{{ ca_name }}"
+ registrar: "{{ playbook_dir }}/{{ ca_name }} Admin.json"
+ enrollment_id: "{{ ordering_service_enrollment_id }}"
+ enrollment_secret: "{{ ordering_service_enrollment_secret }}"
+ max_enrollments: -1
+ type: orderer
+
 - name: Enroll the organization admin
 ibm.blockchain_platform.enrolled_identity:
 state: "{{ state }}"
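Review bot: Both tasks added to roles/ordering_organization/tasks/create.yml hard-code `max_enrollments: -1`, so the admin and orderer enrollment secrets stay reusable for an unlimited number of enrollments for as long as the identities exist. This keeps the value the removed registry entries had, but as a separate task it could now be a role variable that defaults to the current behaviour, for example `max_enrollments: "{{ ordering_service_max_enrollments | default(-1) }}"` (the variable name is only a suggestion). The tasks also pass `api_key`, `api_secret` and `enrollment_secret` as module arguments; whether the module masks them in task output is not visible here, so consider `no_log: true` on each task. The same applies to the two tasks added in roles/endorsing_organization/tasks/create.yml.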